On the eve of the European Personal Data Protection Day, the Personal Data Protection Agency, in cooperation with the Croatian Employers’ Association and the IAPP KnowledgeNet chapter Croatia, organized the GDPR conference “Data Protection Officer – The Job of the Future” on January 27 at the Westin Hotel, which it dedicated to key people in the personal data protection system – data protection officers.
In his opening address , the director of the Personal Data Protection Agency, Zdravko Vukić, spoke about the Agency’s activities in the previous year and pointed out that AZOP carried out intensified monitoring activities that resulted in the largest number of administrative fines imposed so far for violating legal regulations on the protection of personal data in the Republic. Croatia and that last year the highest fine so far was imposed in the amount of HRK 2.15 million . “In 2023, the focus of the coordinated initiative of the European Data Protection Board and the Personal Data Protection Agency will be on data protection officers. In the modernized data management system, the data protection officer plays a key role. Unfortunately, the practice and research we conducted show that more than 50% of data protection officers do not have adequate knowledge and competence for the responsible work they perform, and more than 80% point out that they need additional education in the field of personal data protection. It is for this reason that we dedicate this day to the key stakeholders-officials, whose job is not easy at all, especially taking into account the galloping development of modern technologies and the upcoming regulations of the European Union.”
Envoy of the President of the Republic of Croatia and Minister of Defense Dr. sc. Mario Banožić said that the exchange of knowledge, experiences and opinions of experts and officials from the public, financial and IT sectors is the greatest value of this conference. “The protection of personal data has become one of the main topics in the European Union, and the citizens of the European Union, including the Republic of Croatia, are more than ever aware of the fact that the protection of personal data and privacy are fundamental human rights that must be absolutely protected. This is precisely why, especially in the context of global trends, I would highlight digital trends that require us to invest further in cyber security”. Also, in his address, Minister Banožić pointed out that the Ministry of Defense and the Croatian Army recognized the importance of having the ability to defend against cyberattacks through the established Cyberspace Command. “I am convinced that the improvement of the personal data protection system is possible only through continuous interdepartmental cooperation, exchange of experiences, but also through constant training and acquisition of new knowledge and skills.”
“The protection of personal data starts with us, so let’s not joke with ours and other people’s personal data, let’s respect them. I am glad that today’s conference is dedicated to data protection officers, who are the engine, that is, the center and essence of data protection,” said the representative of the President of the Croatian Parliament and member of the Croatian Parliament, Nikola Mažar, and pointed out that certain steps have been taken in the protection of personal data. and privacy, but that there is still a lot of work ahead of us and the Agency for the Protection of Personal Data, which is essential for supervision and education on the importance of personal data protection.
The European Data Protection Supervisor Wojciech Wiewiórowski expressed his gratitude for the previous activities carried out by the Personal Data Protection Agency, both at the international and local level . “Data protection officers are mandatory and their independence is very important, especially in the public sector. It is necessary to encourage them and raise the competences of data protection officers in the Republic of Croatia. Therefore, I welcome the Agency’s approach to this conference and I believe that thanks to this conference, the knowledge of officials will rise to a new level and that the experiences that will be exchanged will be useful, not only for the Republic of Croatia, but also for other countries.”
The State Secretary of the Central State Office for the Development of the Digital Society, Bernard Gršić, also emphasized the increasing importance of cyber security. “It is necessary to establish and maintain cyber hygiene due to the increase in cyber attacks on a global level and the increasing abuse of personal data on social networks. Citizens need to be educated as much as possible about the use of digital services, especially the most vulnerable groups, children and the elderly.”
Assoc. Ph.D.Sc. Petar Mišević, advisor to the president of the Croatian Chamber of Commerce, emphasized the importance of education and raising awareness of the importance of data protection . “AZOP, in cooperation with the Croatian Chamber of Commerce within the framework of the EU project ARC, conducted training for more than 2,000 entrepreneurs and will continue this cooperation in order to make it easier for entrepreneurs to comply with legal regulations on data protection”.
About three hundred data protection officers who participated in the conference had the opportunity to hear from experts and data protection officers from the public, financial and IT sectors about the problems they face and solutions in the implementation of the General Data Protection Regulation. As part of the conference, three panels were held : “Role of data protection officers in the public sector”, “Protection of personal data in the financial sector: challenges and solutions” and “Does technology steal privacy?”.
In the first panel, moderated by Iva Nappholz, legal advisor for projects and support to branch associations from the Croatian Association of Employers, the panelists were Ms. Vlatka Vuković (external data protection officer, Horvath Wolf doo), Mr. Ivan Pristaš (head of the Medical Informatics Department, Croatian Institute for Public Health), Mr. Igor Barlek (external data protection officer, GDPR Croatia), Mr. Ante Barać (data protection officer, HEP dd) and associate professor Ph.D. Renata Mekovec (Faculty of Organization and Informatics) discussed the role of the data protection officer in the public sector, where it was emphasized that the systematization of jobs in the public sector does not recognize the position of data protection officer as a job, therefore a person, in addition to his regular job, must perform the function of data protection officer for which she is not sufficiently educated. In the introductory part of the online panel, Anna Hänninen from the Finnish data protection supervisory authority also spoke.
Participants of the second panel Mrs. Lara Grubišić (data protection officer, Erste Card Club doo), Mrs. Renata Sabljić (Director of the Compliance Department, Croatia osiguranje dd), Mrs. Josipa Višnjić (Head of the Department for Compliance and Legal Affairs, EOS Matrix doo), Mrs. Danijela Pedić (data protection officer, Hrvatska poštanska banka dd) and Mr. Hrvoje Kuterovac (data protection officer, FINA) discussed challenges and solutions in personal data protection in the financial sector. The moderator of the panel was Iva Katic from the Agency for the Protection of Personal Data.
To the question of the last panel “Does technology steal privacy?”, moderated by Mr. William Bello from IAPP KnowledgeNet chapter Croatia, the panel participants Mr. Marijan Bračić (LegIT Software doo), Ms. Nikolina Staničić (data protection officer, Ericsson Nikola Tesla dd), Mr. Neven Dujmović (Arthrex doo), Ph.D. Natalija Parlov Una (information security and privacy certification auditor, TÜV NORD), Mr. Marko Porobija (law firm Porobija & Špoljarić).
Also, new regulations such as the Council of the European Union directive on the security of network and information systems (NIS 2), the CER Directive – the Directive on the resilience of critical entities, the Regulation on digital operational resilience for the financial sector and the like, imply significant investments in cyber security and human resources and a systematic approach to alignment, which represents a challenge for organizations. Therefore, the panels were an ideal opportunity for officials to exchange opinions on how this will also affect their work.
The conference was also attended by the state secretary of the Central State Office for Demography and Youth, MD. Željka Josić, State Secretaries of the Ministry of Justice and Administration Sanjin Rukavina and the Ministry of Regional Development and European Union Funds Spomenka Đurić, Ambassador of the Republic of North Macedonia, H.E. Milaim Fetaij, Ombudsman Tena Šimonović Einwalter, Ombudsman for Children Helenca Pirnat Dragičević, Commissioner for Information Ph.D. Zoran Pičuljan, Vice Chancellor of the Croatian Catholic University Roberto Antolović, Dean of the Faculty of Law in Osijek Tunjica Petrašević and other distinguished guests.
By the way, the Council of Europe, with the support of the European Commission, in 2006 declared January 28 as the European Day for the Protection of Personal Data , which is also called Privacy Day in the world, in order to raise public awareness of a fundamental human right – the right to protect personal data and privacy.